Mar 28, 2024  
2021-2022 Archived Catalog 
    
2021-2022 Archived Catalog

COMN-184 Information Security in a Digital Age

Credits 3 / 3 Contact Hours
Pre-requisite: Placement into ACRD 080 ; COMN-120. NOTE: Students must provide own storage device.
This course explores the concepts of network security. Topics covered will include network security fundamentals, security threats and vulnerabilities, cryptography, access control and identity management, and compliance and operational security. This course will also help to prepare students for the CompTIA Security+ exam.

Course Outcomes
Introduction to Information Security

Learning Objectives

  • Define information security
  • Define key terms and critical concepts of information security
  • Explain the role of security in the systems development life cycle

Performance Standards

  • Define computer security
  • Define information security
  • Define the three characteristics of the C.I.A. triad
  • Define key information security concepts
  • Define the critical characteristics of information
  • Define the components of an information system
  • Describe the methodology of the Systems Development Life Cycle (SDLC)

The Need for Security

Learning Objectives

  • Describe the organizational need for information security
  • Describe the threats posed to information security and common attacks associated with those threats
  • Describe the common development failures and errors that result from poor software security efforts

Performance Standards

  • List four important functions that information security performs for an organization
  • Define compromises to intellectual property
  • Define information extortion
  • Define the various forms of deliberate software attacks
  • Define the various forms of technical hardware and software failures or errors

Legal, Ethical, and Professional Issues in Information Security

Learning Objectives

  • Describe the functions of and relationships among laws, regulations, and professional organizations in information security
  • Explain the differences between laws and ethics
  • Identify major national laws that affect the practice of information security
  • Discuss the role of privacy as it applies to law and ethics in information security

Performance Standards

  • Describe the various law and ethics in information security
  • Define international laws and legal bodies
  • Define the ethics of information security
  • Describe the codes of ethics of professional organizations

Planning for Security

Learning Objectives

  • Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
  • Explain what an information security blueprint is
  • Describe how an organization institutionalizes policies, standards, and practices
  • Describe what contingency planning is

Performance Standards

  • Define the terms associated with information security planning and governance
  • Define the terms associated with information security policy, standards, and practices
  • Define the terms associated with the information security blueprint
  • Describe the process of developing a security education, training, and awareness program
  • Define contingency planning and how it relates to incident response planning, disaster recovery planning, and business continuity plans

Risk Management

Learning Objectives

  • Define risk management, risk identification, risk assessment, and risk control
  • Explain how risk is identified and assessed
  • Assess risk based on probability of occurence and likely expected impact
  • Explain the fundamental aspects of documenting risk
  • Define a risk mitigation strategy
  • Define risk appetite
  • Discuss conceptual frameworks for evaluating risk controls

Performance Standards

  • Define the various terms associated with risk management
  • Define the major stages of risk assessment
  • Define the three basic steps involving risk control
  • Describe the steps involved in quantitative versus qualitative risk management practices
  • Describe the factors involved in recommended risk control practices

Access Controls, Firewalls, and VPNs

Learning Objectives

  • Describe the role of access control in information systems
  • Define authentication
  • Define firewall technologies
  • Identify the various approaches to control remote and dial-up access
  • Define virtual private networks (VPNs)

Performance Standards

  • Identify and discuss the four fundamental functions of access control systems
  • Explain the three commonly used authentication factors
  • Describe the various categories of firewalls
  • Describe the process of authenticating and authorizing users to control remote and dial-up access
  • Describe the technology that enables virtual private networks (VPNs) to function

Intrusion Detection and Prevention Systems, and Other Security Tools

Learning Objectives

  • Identify intrusion detection and prevention systems
  • Define detection approaches
  • Define honeypots, honeynets, and padded cell systems
  • Define scanning and analysis tools

Performance Standards

  • Describe the categories and models of intrusion detection and prevention systems
  • Describe the detection approaches employed by modern intrusion detection and prevention systems
  • Describe honeypots, honeynets, and padded cell systems
  • List the major categories of scanning and analysis tools and describe the specific tools used within each category

Cryptography

Learning Objectives

  • Describe the basic principles of cryptography
  • Define the operating principles of cryptographic tools
  • Define the major protocols used for secure communication

Performance Standards

  • Define the various terms associated with the fundamentals of cryptography
  • Describe the cipher methods used for encryption
  • Define the cryptographic algorithms used for encryption and decryption operations
  • Describe the various cryptographic tools used in information systems
  • Define the process of securing web transactions with SET, SSL, and S-HTTP

Physical Security

Learning Objectives

  • Define the relationship between information security and physical security
  • Describe key physical security considerations
  • Identify critical physical environment considerations for computing facilities

Performance Standards

  • Define the relationship between information security and physical security
  • Define the terms and tools associated with physical access controls
  • Define the terms associated with fire security and safety
  • Define the three methods of data interception

Implementing Information Security

Learning Objectives

  • Describe how an organization’s information security blueprint becomes a project plan
  • Define the organizational considerations of a project plan
  • Describe technical strategies and models for implementing a project plan
  • Describe the nontechnical problems organizations face in times of rapid change

Performance Standards

  • Explain how an organization’s information security blueprint becomes a project plan
  • Define the terms associated with developing the project plan
  • Describe the factors involved in the technical aspects of implementation
  • Describe the factors involved in the nontechnical aspects of implementation

Security and Personnel

Learning Objectives

  • Describe the issues and concerns related to staffing the information security function
  • Describe how an organization’s employment policies and practices can support the information security effort
  • Describe the need for the separation of duties

Performance Standards

  • Describe the factors involving with positioning and staffing the security function
  • Describe the factors involved with implementing employment policies and practices
  • Describe the function of separation of duties in regards to internal control strategies

Information Security Maintenance

Learning Objectives

  • Describe the recommended security management models
  • Define a model for a full maintenance program
  • Define the key factors involved in monitoring the external and internal environment
  • Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
  • Explain how to build readiness and review procedures into information security maintenance
  • Define digital forensics

Performance Standards

  • Describe the process of acquiring, analyzing, and maintaining potential evidentiary material
  • Define the types of security management maintenance models
  • Describe monitoring actions for the thirteen information security areas
  • Describe the five subject areas of the security maintenance model
  • Describe the factors involved in readiness and review